'It's called "Baton" and it was developed by the NSA, the details of the algorithm are Top Secret/Propreitary. It's a Type-1 encryption algorithm, the kind that can be used to encrypt Secret/Top-Secret information, for example, on SIPRNET. Harris/Intersil was licensed to create a security module that implements the algorithm.

Baton is a symmetric key cypher, by the way. I read somewhere it's a 160 or 320-bit key and of course it has various chaining modes. So it's definitely strong. It uses the SHA-1 hash in the protocol too."

Baton is a symmetric key cypher, by the way. I read somewhere it's a 160 or 320-bit key and of course it has various chaining modes. So it's definitely strong. It uses the SHA-1 hash in the protocol too."

First, there is nothing to say that it is "definitely strong,", based on just a length of key. Assuming key exhaustion is the only route of attack, then sure, a key of this size is regarded as sufficiently safe, in that case. Of course, one can't assume that when contemplating the secure use of an algorithm.

Right, BATON is symmetric cipher. To be more precise, it's a 128-bit block cipher, as is JUNIPER, another likewise-classed algorithm. They are both briefly specified in PKCS #11 v2.11 (Cryptographic Token Interface Standard), as secret key objects which use 40-byte (320-bit) keys, of who's 160 parity bits must be properly set. This is vital, to avoid an error.

It was established that BATON provided an efficient, and critical, increase in encryption speed, via technology at that time, that SKIPJACK could not, thus allowing it to exceed the boundaries of Capstone confinement in terms of compatibility, of which they desired. This source is around a decade in age, and directly from the government.

Another, older, proposed instance of its use was that of TEED. TEED, or Tactical End-to-End Encryption Device, was designed to initiate end-to-end cryptographic security of base-level Secret and higher-level Top Secret communications, as two possible applications. Further improvements were theorized to provide encryption for both ATM and IP traffic. This is as much as I recall from a source that has aged over five years, but it gives you a briefing on its applicable use. BATON happened to be the candidate for these schematics.

Take this information with a grain of salt (or the entire container, if you'd like) and realize that due to lack of publicly available documentation of these algorithms, the information may be a bit rusty from aged sources and is not worthy of being taken for the gospel. However, what I have mentioned can be referenced, easily, if need be, albeit of little extensive nature. Much of it is dispersed throughout discussion among gurus and protocol specifications, but in a very brief manner - since brief is what we know, in regards to them.

All in all, as mathematical cryptanalysis and cryptographic design standards are my focus, please correct me if my lack of depth in this area is leaving me in the dark of any other public information that might exist.

But as these classified algorithms go, only block and key lengths are usually published or readily available to civilian cryptographers. You'd be surprised at how many algorithms of this nature are floating around, regardless of their class. They just seem to spark little interest, to be honest.

As far as comparing these algorithms to modern household entities, such as Twofish or AES, I won't even begin, as it would be irrelevant, and a disservice, for me to make assumptions. However, it appears that with a 128-bit block length, these algorithms could likely exhibit similar efficient design criteria, performance- and implementation-wise, but as for their juxtaposed security - that is something I can't honestly answer. I have my opinionated theories, but don't we all.

The one conjecture that I will jump to make, which isn't a comparison at all, is that it is highly likely that this algorithm and other similarly-classed algorithms are highly efficient in various hardware implementations. But, that concludes it, for what I'm aware of.

I like to think that this further keeps the lid on the mystery that subsides after the iteration of the letters "N", "S", and "A."

The one conjecture that I will jump to make, which isn't a comparison at all, is that it is highly likely that this algorithm and other similarly-classed algorithms are highly efficient in various hardware implementations. But, that concludes it, for what I'm aware of.

Yes "much of the equipment is off the shelf", per Major Tom Lantzy U.S. Army, 335th Theater Signal Commander. Just me reading into this, it would seem to be very business or possibly consumer hardware level friendly to run on.

Your point of comparing what we are not given any details on with well known algorithms is really not possible and clearly true. I just didn't know how much or how little was publiclly known other than general overviews like the one in my post above.